package com.tensquare.user.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 安全配置类
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    //authorizeRequests所有security全注解的开始，开始需要权限的声明
    //现需要的权限有两部分、1：需要拦截的路径2：访问路径需要的权限
    //antMatchers拦截路径、permitAll所有权限都可以通行、直接放行所有、anyRequest任意请求authenticated认证后可以访问
    //使csrf失效disable
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/**").permitAll()
                .anyRequest().authenticated()
                .and().csrf().disable();
    }
}
